samba.git/source4/libnet, branch talloc-2.3.3 Unnamed repository; edit this file 'description' to name the repository. provision: Decrease the length of random machine passwords 2021-04-07T09:18:30+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2021-02-23T13:03:25+00:00 609ca657652862fd9c81fd11f818efb74f72ff55 The current length of 128-255 UTF-16 characters currently causes generation of crypt() passwords to typically fail. This commit decreases the length to 120 UTF-16 characters, which is the same as that used by Windows. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
The current length of 128-255 UTF-16 characters currently causes
generation of crypt() passwords to typically fail. This commit
decreases the length to 120 UTF-16 characters, which is the same as
that used by Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:libnet_rpc: avoid reusing the assoc_group_id of the lsa connection 2021-03-11T22:50:02+00:00 Stefan Metzmacher metze@samba.org 2021-03-11T14:27:01+00:00 11f3c852c75035986de745a91686e83c1d36bb3e This was an unexpected side effect introduced in commit 1b17d9a587bf3600d449c2481fe1191793479e32. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Mar 11 22:50:02 UTC 2021 on sn-devel-184 
This was an unexpected side effect introduced in commit
1b17d9a587bf3600d449c2481fe1191793479e32.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 11 22:50:02 UTC 2021 on sn-devel-184
s4:libnet:py_net - free event context in dealloc fn 2020-11-06T04:58:31+00:00 Andrew Walker awalker@ixsystems.com 2020-11-02T21:42:29+00:00 c2fcd83ed7b5cf54b2c5de296a4126ea4e9e155e Creation of a new Net() object initializes an event context under a NULL talloc context and then creates a new talloc context as a child of the event context. The deallocation function for the net object only frees the child and not the parent. This leaks an fd for the tevent context and associated memory. Signed-off-by: Andrew Walker <awalker@ixsystems.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Nov 6 04:58:31 UTC 2020 on sn-devel-184 
Creation of a new Net() object initializes an event context under
a NULL talloc context and then creates a new talloc context as a
child of the event context. The deallocation function for the
net object only frees the child and not the parent. This leaks an
fd for the tevent context and associated memory.

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov  6 04:58:31 UTC 2020 on sn-devel-184
smbdes: convert E_old_pw_hash to use gnutls 2019-12-10T00:30:31+00:00 Isaac Boukris iboukris@gmail.com 2019-11-20T14:28:39+00:00 dce944e8a1119034f184336f6b71a28080152a0a Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:libnet: Use GnuTLS RC4 in libnet_ChangePassword_samr() 2019-07-26T01:48:23+00:00 Andreas Schneider asn@samba.org 2019-07-25T03:15:46+00:00 9ea736590d9b22a7518f86b18e8c55b0d0e213d5 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031 Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:libnet: Use GnuTLS RC4 in libnet_SetPassword_samr_handle_23() 2019-07-26T01:48:23+00:00 Andreas Schneider asn@samba.org 2019-02-01T12:38:21+00:00 cdb4e12765266ae767021d932870fbfcd55ccbf6 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:libnet: Use GnuTLS RC4 in libnet_SetPassword_samr_handle_24() 2019-07-26T01:48:23+00:00 Andreas Schneider asn@samba.org 2019-02-01T12:38:21+00:00 18937f9ceb5aca23899555c5a34fe359f6fcb126 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:libnet: Use encode_rc4_passwd_buffer() in libnet_SetPassword_samr_handle_25() 2019-07-26T01:48:23+00:00 Andreas Schneider asn@samba.org 2019-07-09T11:11:54+00:00 e44ba0397c7558e1da6a46cc38237a3b0e5cef49 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:libnet: Use encode_rc4_passwd_buffer() in libnet_SetPassword_samr_handle_26() 2019-07-26T01:48:23+00:00 Andreas Schneider asn@samba.org 2019-07-09T11:01:49+00:00 5afa402bb7ba11a8eefc6e14047eeec1f3327681 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4/libnet: Fix joining a Windows pre-2008R2 DC 2019-07-04T22:49:23+00:00 Tim Beale timbeale@catalyst.net.nz 2019-07-01T05:06:31+00:00 b3a2508f2ad79e2f1007464da7dbe918933038a0 From v4.8 onwards, Samba may not be able join a DC older than 2008R2 because the Windows DC doesn't support GET_TGT. If the dsdb repl_md code can't resolve a link target it returns an error, and the calling code (e.g. drs_util.py) should retry with GET_TGT. However, GET_TGT is only supported on Windows 2008R2 and later, so if you try to join an earlier Windows DC, the join will throw an error that you can't work-around. We can avoid this problem by setting the same DSDB flag that GET_TGT sets to indicate that the link targets are as up-to-date as possible, and so there's no point retrying. Missing targets are still logged, so this at least allows the admin to fix up any problems after the join completed. I've only done this for the join case (problems during periodic replication are probably still worth escalating to an error). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14021 RN: From Samba v4.8 onwards, joining a Windows 2003 or 2008 (non-R2) AD DC may not have worked. When this problem occurred, the following message would be displayed: 'Failed to commit objects: DOS code 0x000021bf' This particular issue has now been resolved. Note that there may still be other potential problems that occur when joining an older Windows DC. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
From v4.8 onwards, Samba may not be able join a DC older than 2008R2
because the Windows DC doesn't support GET_TGT.

If the dsdb repl_md code can't resolve a link target it returns an
error, and the calling code (e.g. drs_util.py) should retry with
GET_TGT. However, GET_TGT is only supported on Windows 2008R2 and later,
so if you try to join an earlier Windows DC, the join will throw an
error that you can't work-around.

We can avoid this problem by setting the same DSDB flag that GET_TGT
sets to indicate that the link targets are as up-to-date as possible,
and so there's no point retrying. Missing targets are still logged, so
this at least allows the admin to fix up any problems after the join
completed.

I've only done this for the join case (problems during periodic
replication are probably still worth escalating to an error).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14021
RN: From Samba v4.8 onwards, joining a Windows 2003 or 2008 (non-R2) AD
DC may not have worked. When this problem occurred, the following
message would be displayed:
 'Failed to commit objects: DOS code 0x000021bf'
This particular issue has now been resolved. Note that there may still
be other potential problems that occur when joining an older Windows DC.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>